In modern private networks, such as data centers and intracompany networks, the infrastructure may be shared across multiple users and/or tenants. Where the network infrastructure is shared, various administrative and security concerns must be addressed to ensure virtual infrastructure segmentation. Segmentation is certainly relevant between different enterprises, but even within the same enterprise it may be desirable for administrative and security reasons.
U.S. Pat. No. 9,237,158 to Smith describes a method and apparatus for providing network security using role-based access control. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.
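The following sketch is an added illustration, not code from the cited patent or from this document: it models an access control list entry and a forwarding table entry that each carry a user group field, and decides forwarding by group rather than by address. The class and function names, the longest-prefix-match lookup, the first-match rule order, the default-deny fallback and the sample groups and prefixes are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class FwdEntry:
    prefix: ipaddress.IPv4Network
    next_hop: str
    user_group: str          # user group field on the forwarding table entry

@dataclass(frozen=True)
class AclEntry:
    src_group: str           # user group field on the ACL entry
    dst_group: str
    action: str              # "permit" or "deny"

def lookup(table, dst_ip):
    """Longest-prefix match (assumed); returns the best entry or None."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [e for e in table if addr in e.prefix]
    return max(hits, key=lambda e: e.prefix.prefixlen, default=None)

def decide(acl, table, src_group, dst_ip):
    """Return (action, next_hop). First matching ACL entry wins; default deny."""
    entry = lookup(table, dst_ip)
    if entry is None:
        return ("deny", None)            # no route: nothing to forward to
    for rule in acl:
        if rule.src_group == src_group and rule.dst_group == entry.user_group:
            hop = entry.next_hop if rule.action == "permit" else None
            return (rule.action, hop)
    return ("deny", None)                # no rule for this group pair

# Constructed sample data: two tenants sharing one device, plus a
# finance sub-segment carved out of tenant A's address space.
FWD_TABLE = [
    FwdEntry(ipaddress.ip_network("10.1.0.0/16"), "port1", "tenant-a"),
    FwdEntry(ipaddress.ip_network("10.1.5.0/24"), "port2", "tenant-a-finance"),
    FwdEntry(ipaddress.ip_network("10.2.0.0/16"), "port3", "tenant-b"),
]
ACL = [
    AclEntry("tenant-a-finance", "tenant-a-finance", "permit"),
    AclEntry("tenant-a", "tenant-a-finance", "deny"),
    AclEntry("tenant-a", "tenant-a", "permit"),
    AclEntry("tenant-b", "tenant-b", "permit"),
]

if __name__ == "__main__":
    for grp, ip in [("tenant-a", "10.1.9.9"), ("tenant-a", "10.1.5.7"),
                    ("tenant-b", "10.1.9.9")]:
        print(grp, ip, decide(ACL, FWD_TABLE, grp, ip))
```

Because the decision keys on the group pair, renumbering a tenant's prefixes changes only the forwarding table; the access control list stays as written.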